Docker私有仓库harbor

Docker私有仓库harbor

Harbor私有仓库介绍


Harbor 是为企业用户设计的容器镜像仓库开源项目,包括了权限管理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、管理界面、自我注册、HA 等企业必需的功能,同时针对中国用户的特点,设计镜像复制和中文支持等功能。

官网:TP

Harbor部署


# 1.安装docker-compose
[root@db01 ~]$ yum install -y docker-compose

# 2.检查是否安装成功
[root@db01 ~]$ docker-compose version
docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017

# 3.下载harbor安装包
[root@db01 ~]$ wget https://github.com/goharbor/harbor/releases/download/v2.3.4/harbor-offline-installer-v2.3.4.tgz

# 4.解压
[root@db01 ~]$ tar xf harbor-offline-installer-v1.9.0-rc1.tgz

# 5.修改配置文件
[root@db01 harbor]$ vim /root/harbor/harbor.yml
hostname: 10.0.0.51
harbor_admin_password: 123

# 6.安装harbor
[root@db01 harbor]$ ll
-rw-r--r-- 1 root root 619632806 Sep  4  2019 harbor.v1.9.0.tar.gz
-rw-r--r-- 1 root root      5790 Nov 18 09:48 harbor.yml
-rwxr-xr-x 1 root root      5088 Sep  4  2019 install.sh
-rw-r--r-- 1 root root     11347 Sep  4  2019 LICENSE
-rwxr-xr-x 1 root root      1748 Sep  4  2019 prepare

[root@db01 harbor]$ ./install.sh

[root@db01 /tmp/harbor]$ ll
drwxr-xr-x 3 root root        20 Nov 18 09:49 common
-rw-r--r-- 1 root root      5285 Nov 18 09:49 docker-compose.yml
-rw-r--r-- 1 root root 619632806 Sep  4  2019 harbor.v1.9.0.tar.gz
-rw-r--r-- 1 root root      5790 Nov 18 09:48 harbor.yml
-rwxr-xr-x 1 root root      5088 Sep  4  2019 install.sh
-rw-r--r-- 1 root root     11347 Sep  4  2019 LICENSE
-rwxr-xr-x 1 root root      1748 Sep  4  2019 prepare

打开电饭煲访问:http://10.0.0.51/

harbor页面不显示排错思路

1、查看日志,是否正常

2、如果日志正常,使用curl命令,是否能获取到harbor网页,

3、如果能获取到harbor网页,则证明docker启动harbor没有问题

4、宿主机到浏览器是不通的,使用telnet验证80端口是否通

5、如果不通,查看宿主机防火墙、selinux、内核转发是否开启

Harbor的使用


# harbor的启停
[root@db01 ~]$ cd harbor/
[root@db01 harbor]$ docker-compose stop
[root@db01 harbor]$ docker-compose start
[root@db01 harbor]$ docker-compose restart


# 上传镜像到harbor
需要修改镜像名称
## 命名规则:
## harbor地址/项目名称/镜像名称:标签

10.0.0.51/guanwang/centos7:v2


# docker修改镜像名称
## docker tag :重命名镜像,类似于cp,原镜像还在
[root@db01 ~]$ docker tag centos:7 centos7:v1
[root@db01 ~]$ docker tag centos:7 10.0.0.51/guanwang/centos7:v2


# 修改docker配置文件
{
"bip": "192.168.200.1/24",
"registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.51"]				# //添加harbor网页
}

# 重启docker
[root@db01 harbor]$ systemctl restart docker


# 登录harbor
[root@db01 harbor]$ docker login 10.0.0.51
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded


# 推送镜像,必须先在harbor上面创建对应项目
[root@db01 harbor]$ docker push 10.0.0.51/guanwang/centos7:v2

Harbor拉镜像


# 1.修改配置文件
[root@db02 ~]$ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.51"]			# //添加harbor页面uri
}


# 2.重启docker
[root@db02 ~]$ systemctl restart docker


# 3.登录harbor认证
[root@db02 ~]$ docker login 10.0.0.51
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded


# 4.拉取镜像
[root@db02 ~]$ docker pull 10.0.0.51/guanwang/centos7:v2
v2: Pulling from guanwang/centos7
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for 10.0.0.51/guanwang/centos7:v2
10.0.0.51/guanwang/centos7:v2

[root@db02 ~]$ docker images
REPOSITORY                         TAG       IMAGE ID       CREATED                  SIZE
10.0.0.51/guanwang/centos7         v2        eeb6ee3f44bd   2 months ago             204MB

自制镜像推送到Harbor


自动构建wordpress镜像

harbor创建对应项目

  • MySQL镜像
# 拉取纯净版MySQL镜像
[root@db01 ~]$ docker pull mysql:5.7

# 修改MySQL镜像名称
[root@db01 ~]$ docker tag mysql:5.7 10.0.0.51/blog/wordpress_mysql:v1

# 推送镜像到 Harbor
[root@db01 ~]$ docker push 10.0.0.51/blog/wordpress_mysql:v1
  • centos7镜像
# 拉取纯净版sentos7镜像
[root@db01 ~]$ docker pull sentos:7


# 工作目录下准备好需要的代码包、配置文件、脚本...
[root@db01 /Dockerfile/wordpress]$ ll
total 35264
-rw-r--r-- 1 root root 19674604 Aug 18 12:13 php.tgz
-rw-r--r-- 1 root root      256 Nov 16 19:56 proxy_params
-rw-r--r-- 1 root root      100 Nov 18 11:15 start.sh
-rw-r--r-- 1 root root      386 Nov 16 19:51 wordpress.conf
-rw-r--r-- 1 root root 16414590 Aug 28 16:21 wordpress.tgz
[root@db01 /Dockerfile/wordpress]$ vim wordpress.conf 
server {
        listen 80;
        server_name blog.wj.com;
        root /code/wordpress;

        location  / {
                index index.php index.html;
        }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include /etc/nginx/fastcgi_params;
        }
}

# 编写Dockerfile
[root@db01 /Dockerfile/wordpress]$ vim Dockerfile
FROM centos:7
ADD php.tgz /opt
RUN rm -fr /etc/yum.repos.d/* \
    && curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo \
    && curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && sed -i '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
    && sed -i '/mirrors.cloud.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
    && yum install -y nginx \
    && yum localinstall -y /opt/*.rpm \
    && sed -i 's#user = apache#user = nginx#g' /etc/php-fpm.d/www.conf \
    && sed -i 's#group = apache#group = nginx#g' /etc/php-fpm.d/www.conf \
    && mkdir /code
COPY wordpress.conf /etc/nginx/conf.d/wordpress.conf
COPY proxy_params /etc/nginx/proxy_params
COPY start.sh /start.sh
ADD wordpress.tgz /code/
RUN chown -R nginx.nginx /code \
    && rm -rf /code/wordpress/wp-config.php \
    && rm -rf /opt/* \
    && yum clean all
EXPOSE 80
EXPOSE 9000
CMD ["/bin/sh","/start.sh"]


# 自动构建镜像
[root@db01 /Dockerfile/wordpress]$ docker build -t nginx_php:v1 .	# //如果要推送harbor,就需要改名
[root@db01 /Dockerfile/wordpress]$ docker build -t 10.0.0.51/blog/wordpress:v1 .  # //推荐直接使用harbor格式镜像名称

[root@db01 /Dockerfile/wordpress]$ docker images
REPOSITORY                      TAG                        IMAGE ID       CREATED              SIZE
10.0.0.51/blog/wordpress        v1                         1d0f94af80ae   About a minute ago   721MB
10.0.0.51/blog/wordpress_mysql  v1                         8b43c6af2ad0   25 hours ago         448MB


# 推送镜像至harbor
[root@db01 /Dockerfile/wordpress]$ docker push 10.0.0.51/blog/wordpress:v1

部署项目

### 部署项目
## 创建MySQL的数据目录
[root@db02 ~]$ mkdir /data/mysql/data -p

## 创建wordpress用户数据存储目录
[root@db02 ~]$ mkdir /data/worepress/data -p


## 从harbor拉取代码准备工作
# 1.修改docker配置文件并重启
[root@db02 ~]$ vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
  "insecure-registries": ["http://10.0.0.51"]
}

[root@db02 ~]$ systemctl restart docker


# 2.登录harbor认证用户
[root@db02 ~]$ docker login 10.0.0.51


===================================================================================================================
## 启动MySQL,自动拉取harbor镜像
docker run \
--name wordpress-mysql \
-p 3306:3306 \
-v /data/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123 \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=123 \
-d 10.0.0.51/blog/wordpress_mysql:v1 \
--character-set-server=utf8 \
--collation-server=utf8_general_ci

## 启动nginx、php,自动拉取harbor镜像
docker run \
--name wordpress-nginx-php \
--link wordpress-mysql \
-p 80:80 \
-d 10.0.0.51/blog/wordpress:v1

## 检查端口
[root@db02 ~]$ netstat -lntup|grep docker
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      35026/docker-proxy  
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      35310/docker-proxy  
tcp6       0      0 :::3306                 :::*                    LISTEN      35030/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      35314/docker-proxy  

本地做域名解析:10.0.0.51 blog.xxx.com

访问blog.xxx.com

posted @ 2023-05-11 09:38  AnOldSong  阅读(166)  评论(0编辑  收藏  举报